How severe is CVE-2024-10513?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2024-10513?

This is classified as CWE-23, which is a common weakness in software security.

CVE-2024-10513 - HIGH Severity | CVSS 7.2

Vulnerability Description

A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with the 'manager' role to access and manipulate the 'anythingllm.db' database file. By exploiting the vulnerable endpoint '/api/document/move-files', an attacker can move the database file to a publicly accessible directory, download it, and subsequently delete it. This can lead to unauthorized access to sensitive data, privilege escalation, and potential data loss.

Related Vulnerabilities

CVE-2022-1373

HIGH

CVSS:7.2(High)

The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load ...

CWE-232022

CVE-2022-1648

HIGH

CVSS:7.2(High)

Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute ...

CWE-232022

CVE-2022-20754

HIGH

CVSS:7.2(High)

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker...

CWE-232022

CVE-2022-20755

HIGH

CVSS:7.2(High)

CWE-232022

CVE-2025-26349

HIGH

CVSS:7.2(High)

A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite arbitrary files via crafted ...

CWE-232025

CVE-2021-34605

HIGH

CVSS:7.3(High)

A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This vuln...

CWE-232021